Data backup method and data processing system having data maintenance function

ABSTRACT

The present invention provides a non-stop data processing system having an online data backup function. The method according to the present invention is a data backup method for a computer system having a central processing unit for performing multitask processing, a multiple memory constituted by a plurality of memory devices for online storing data processed by tasks of the central processing unit, and a data backup memory for saving data of the multiple memory, wherein the central processing unit performs parallel processing of (a) user task(s) to treat usual work between the central processing unit and the multiple memory and a maintenance task to save data online from memory devices as a part of the multiple memory to the data backup memory. A data processing system according to the present invention is a data processing system having a central processing unit for performing multitask processing, a multiple memory constituted by a plurality of memory devices for storing data currently processed, and a data backup memory for saving data of the multiple memory, wherein: the central processing unit has (a) user task(s) to write currently processed data into the multiple memory, and a maintenance task to stop updating of memory devices as a part of the multiple memory and save data to the data backup memory; and the system further has an online interface whereby access to the respective memory devices of the multiple memory by the user task(s) and the maintenance task is relayed online.

BACKGROUND OF THE INVENTION

The present invention relates to a non-stop computer system having amultiple secondary memory and particularly relates to a non-stop databackup method and a system for saving maintenance data from thesecondary memory in a period of online processing.

A non-stop computer system of the type which runs continuously for 24hours for purposes such as global information processing is required. Inthis type system, it is necessary to perform maintenance work withoutstopping processing of usual work through a computer. It is thereforepreferable that the maintenance work is constructed in a redundancysystem.

Data backup processing is a part of the maintenance work. That is, dataare saved from memory means acting as a part of a secondary memory (forexample, a magnetic disk device) accumulated online to another medium(for example, a magnetic tape device), to prepare for recovery of themissing of data caused by system-down or the like. In this case, thereis the necessity of such consideration that data in the memory means ina period of data backup must be updated without such lacking ofconsistency that data are partly new and partly old.

A method using a double disk device is used as a data backup method ofthe type in which usual work is not stopped. According to the method, anoperating system (hereinafter called OS) of the central processing unitaccesses two disks by using an online interface (in this case, adisk-access interface) at the time of processing of usual work tothereby freely read data from the two disks and freely write data intothe two disks. When data are to be saved, the OS sets one of the disksto an offline state so that only one disk can be accessed through theonline interface. Then, data are read from the disk set to the offlinestate, so that the data are saved to a magnetic tape or the like. Anoffline method in which data are saved from an offline disk to amagnetic tape through another processor or the like is generally usedfor data backup.

Examples of the data management technique in a data processing systemusing a computer include: a packing store file double control methoddisclosed in Japanese Patent Un-examined Publication No. JP-A-62-212819filed on Mar. 14, 1986 by Nippon Electric Co., Ltd.; a double auxiliarymemory device disclosed in Japanese Patent Un-examined Publication No.JP-A-2-133845 filed on Apr. 8, 1986 also by Nippon Electric Co., Ltd.;and a double file management method disclosed in Japanese PatentUn-examined Publication No. JP-A-1-207821 filed on Feb. 16, 1988 byFujitsu Limited.

The offline data backup method is disadvantageous in cost and runningperformance in that the number of necessary equipments is increased sothat the procedure of changing connection of one processing system toanother processing system becomes troublesome and, at the same time,this method lacks both reliability and flexibility in construction of anon-stop data processing system.

It may be considered that the OS of the central processing unit whichcurrently runs for offline work performs parallel processing of usualwork and data backup work for saving data from a disk set to an offlinestate by using an offline interface not opened to users. In the systemconstruction using such an interface not opened to users, however, thereis much possibility that confusion may occur at the time ofreconstruction of the system. When, for example, the specification forthe offline interface is changed by improvement in the version of the OSwithout any notice to users, software maloperations will occurimmediately. Furthermore, because the programming interface foraccessing the offline disk is different from the programming interfacefor accessing the online disk, it is necessary for a program to bealways aware of the fact that the offline disk is subject to beaccessed. If any mistake in description is made at the time ofgenerating of a program, there is a large risk that disk access bymistake may cause destruction of data or the like.

As described above, there is the present situation that a real systemcapable of performing parallel processing of data backup work and usualwork in a computer system which runs continuously has not been providedyet.

SUMMARY OF THE INVENTION

An object of the present invention is to provide a data backup method inwhich online processing can be made through a central processing unitwhich currently runs for usual work, and to provide a highly-reliablenon-stop data processing system which can be flexibly adapted to a faultof equipment, extension of equipment, reconstruction of equipment, andso on to thereby solve the aforementioned problems in the conventionaltechniques.

According to an aspect of the present invention, there is provided adata backup method for a computer system having a central processingunit for performing multitask processing, a multiple memory constitutedby a plurality of memory devices for online storing data processed bytasks of the central processing unit, and a data backup memory forsaving data of the multiple memory, wherein the central processing unitperforms parallel processing of a user task to treat usual work betweenthe central processing unit and the multiple memory and a maintenancetask to save data online from memory devices as a part of the multiplememory to the data backup memory.

According to an embodiment of the present invention, there is providedan online interface whereby access to the respective memory devices ofthe multiple memory by the user task and the maintenance task is relayedonline.

According to another embodiment of the present invention, the secondarymemory further has a control portion for dynamically changing the memorydevices permitted to be accessed by respective tasks, correspondingly toa task currently executed by the central processing unit.

According to the present invention, multitask processing of a user taskto treat usual work for writing data into a multiple secondary memoryand a maintenance task to save data from the secondary memory to anothermedium is performed by a computer system.

When a maintenance task is started in the condition where all the memorydevices of the secondary memory are accessed by user tasks, generally,memory devices permitted to be accessed by the maintenance task aregenerally determined on the basis of attributes respectively given tothe tasks or on the basis of matching between the attributes andoperating modes dynamically given to the memory devices, for parallelprocessing of the user tasks and the maintenance task.

As described above, each of the memory devices of the multiple memoryhas an operating mode which can be set independent of other memorydevices, so that a memory controller limits the task permitted to beaccessed corresponding to the operating mode. As the operating mode ischanged, the task permitted to be accessed is changed.

Accordingly, even data backup processing through the multiple memory inthe condition where online work runs currently can be accessed throughan online interface. There is no necessity of providing the data backupmemory as an offline memory as in the conventional techniques and,accordingly, there is no trouble as occurs in the case where an offlineinterface not opened to users is used.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a functional block diagram of a computer system having a databackup function showing an embodiment of the present invention;

FIG. 2 is an explanatory view of a task attribute table for settingattributes of respective tasks;

FIG. 3 is an explanatory view of a disk mode table for setting operatingmodes of respective disks;

FIG. 4 is a time chart for explaining the processing and operation ofthe system depicted in FIG. 1;

FIG. 5 is a flow chart of a process for setting a maintenance mode to amultiple disk device from a data backup task (maintenance task);

FIG. 6 is a flow chart of a process for accessing the multiple diskdevice from the data backup task (maintenance task);

FIG. 7 is a flow chart of a process for canceling the maintenance modeof the multiple disk device from the data backup task (maintenancetask); and

FIG. 8 is a flow chart of a process for setting a maintenance mode tothe multiple disk device from a data backup task (maintenance task)while avoiding a disk in which a fault occurs.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 is a functional block diagram showing a data processing systemhaving a data backup function for explaining an embodiment of thepresent invention. This system has a central processing unit 1 forperforming parallel processing of usual work (user task) and data backupwork (maintenance task), a multiple memory 3 constituted by a pluralityof secondary memory devices (in this embodiment, two disk devices 12 and13) for storing data currently processed in usual work, a data backupmemory (in this embodiment, a magnetic tape device) 4 used for savingdata from the memory devices (disks) 12 and 13.

The central processing unit 1 includes a main memory not shown, forstoring user tasks 5 to treat usual work, a maintenance task 6 forsaving data on the disks, and a task attribute table 7 for storingattributes of the user tasks 4 and the maintenance task 6. The centralprocess unit 1 further has a disk device driver 8 for providing anonline interface between each task of the central processing unit 1 andthe double disk device 3, and a magnetic tape device driver 9 forproviding an interface between each task on the central processing unit1 and the magnetic tape device 4. These device drivers are provided assoftware used for controlling peripheral devices from the centralprocessing unit 1, so that the software can be changed easily in thecase where peripheral devices are changed.

The double disk device 3 has a double disk control portion 11 forcontrolling the disk-A 12 and disk-B 13 as the double disk device, and adisk mode table 10 for storing the current operating modes of the disk-A12 and disk-B 13.

In the computer system constructed as described above, when amaintenance task 6 for data backup is started in online work where dataprocessed by a user task 5 are stored in either of the disks A and Bused as a double disk, the disks can be respectively allocated for theuser task 5 and the maintenance task 6 so that data can be saved fromeither of the disks A and B to the magnetic tape 4 as parallelprocessing while the user task is continued.

The system in this embodiment, as described above, has a multitaskfunction for parallel processing of the user task 5 and the maintenancetask 6 through the central processing unit 1. In the case of asingle-processor computer system in which the central processing unit 1is constituted by a single processor, the multitask function is executedthrough a process of dividing a plurality of tasks task by time. On theother hand, in the case of a multi-processor system in which the centralprocessing unit 1 is constituted by a plurality of processors, access todisks by respective tasks is serialized by an OS common to therespective processors. As described above, the multitask function isadvantageous in that it is not required for an accessed disk to be awareof whether the central processing unit 1 is constituted by a singleprocessor or by a plurality of processors.

A user attribute and a maintenance attribute indicating operating modesof disk devices permitted to be accessed are respectively given to theuser task 5 and the maintenance task 6 in the form of different datapatterns, for example, 00 and 11 as shown in FIG. 2, on the table 7.Operating modes (user mode or maintenance mode) respectively allocatedalso to the disks of the double disk device 3 so as to be changeable areset on the table 10 as shown in FIG. 3. The double disk control portion11 allocates an access request of the user attribute task 5 to the diskA set to the user mode and allocates an access request of themaintenance attribute task 6 to the disk B set to the maintenance mode.That is, disks respectively permitted to be accessed by the tasks arelimited by pattern matching between the attributes of the tasks and theoperating modes of the disks. As the operating modes of the respectivedisks are changed dynamically, disks permitted to be accessed by therespective tasks can be changed dynamically. Accordingly, it is notrequired for each of the tasks to be aware of which disk is to beaccessed on program.

FIG. 4 is a flow chart showing access by the respective tasks and thechanges of the operations of the two disks in this system. Both the twodisks of the double disk device 3 are usually set to a user mode. Hence,when an access request is issued from a user task 5, the double diskcontrol portion 11 equally accesses the two disks 12 and 13 to keep datastored in the two disks equal (period a).

When in the state of period a an interrupt command for data backup isprovided from a console 2 or the like, a maintenance task 6 is operatedso that this system starts parallel processing of the user task 5 andthe maintenance task 6. First, the maintenance task 6 issues amaintenance mode setting request, so that the double disk controlportion 11 receiving the request changes the mode of one of the twodisks (in this embodiment, the mode of disk B) to a maintenance mode. Asa result, the disk B is prohibited from being accessed by the user task5, so that data updating of the disk B is stopped. Because the mode ofthe disk A is kept in a user mode while the data updating of the disk Bis stopped, the user task 5 continues usual work by using the disk A ofthe user mode. Then, the maintenance task 6 issues a data readingrequest to the double disk control portion 11. Because the data backuptask 6 has an attribute for maintenance, the reading request of the taskis accessed to the disk B of the maintenance mode by the double diskcontrol portion 12. Data read from the disk B are written into themagnetic tape device 4. When all data are read, the maintenance task 6issues a maintenance mode canceling request to the control portion 11 toterminate the data backup processing (period b).

When the data backup work is terminated, the control portion 11 resetsthe disk B of the maintenance mode to a user mode. Because the disk Breturned to the user mode is free from updating of data stored thereinin the period of data backup processing, data are copied from the disk Aby hardware means to thereby make data equal between the two disks(online copy). Although the online copy has been known for a long timeas a measure used at the time of fault recovery of the double diskdevice, the online copy task may be processed in parallel with the usertask 5 (period c). When the equalizing of the two disks is terminated,the two disks are returned to the original form of a double disk deviceso that the user task 5 can equally access the disks 12 and 13 (periodd).

In the following, this embodiment, with respect to matching betweentasks and disks and canceling, will be described more in detail.

FIG. 5 is a flow chart showing a process of setting a maintenance mode.When a maintenance task 6 is operated in the condition where a user task5 runs currently, the maintenance task 6 issues a maintenance modesetting request to the disk device driver 8 in a step S101. The diskdriver 8 receiving the request relays it to the double disk controlportion 11 (a step S102), so that the control portion 11 checks whetheror not there is any disk of maintenance mode while referring to the diskmode table 10 for all N (in this embodiment, N=2) disks (steps S103 andS104). If the maintenance mode has been set already, the setting requestis canceled as error (a step S105) so that all the two disks of thedouble disk device are not set to the maintenance mode simultaneously.If there is no setting of the maintenance mode in each of the disks, thedisk of number N (in this embodiment, N=2, that is, disk-B 13) is set tothe maintenance mode (a step S106). When the disk-B 13 is set to themaintenance mode, access requests given from user tasks 5 are executedonly with respect to the disk-A 12 being in the user mode so that datain the disk-B 13 cannot be updated through the user tasks 5. Asdescribed above, the maintenance mode setting request given by themaintenance task in the central processing unit 1 can be providedwithout specifying of one from the disks of the double disk device 3.

FIG. 6 is a flow chart showing a process for matching between tasks anddisks after the setting of the maintenance mode. The maintenance task 6issues an access request to the disk driver (a step S201). The driver 8receiving the access request acquires the attribute of the task issuingthe access request while referring to the task attribute table 7 andsends out the access request, together with the task attribute, to thedouble disk control-portion 11 (steps S202 and S203). The controlportion 11 receiving both the task attribute and the access request (astep S204) detects all disk devices permitted to be accessed by thereceived task attribute (steps S205 and S206) and executes accessrequested to the all disk devices thus detected (a step S207). Becausein this embodiment the maintenance task 6 is an access requester, themaintenance attribute is matched with the maintenance mode of N=2 sothat the disk B is accessed to perform reading of backup data. Theresult of access is returned to the task which is an access requester,through the disk device driver 8. Because in this system the user task 5and the maintenance task 6 are processed in parallel, the matching inthe step S206 and the execution of access in the step S207 are performedcorrespondingly to these tasks so that the tasks can respectively accessthe disks without being aware of the disks.

FIG. 7 is a flow chart showing a process for canceling the maintenancemode. When the data backup work to the magnetic tape device 4 isterminated, the maintenance task 6 issues a maintenance mode cancelingrequest to the double disk control portion 11 through the disk devicedriver 8 (a step S301). The double disk control portion 11 receiving thecanceling request resets the disk-B 13 of maintenance mode to a usermode while referring to the disk attribute table 10 (steps S304 andS305).

In the aforementioned embodiment, the relations between tasks and disksto be accessed are decided by matching between the attributes of thetasks and the operating modes of the disks. This system, however, can beapplied to the case where the relations of disks with attributes may bedecided so as to be fixed by providing only the attributes of the tasks.In this case, for example, the control portion 11 receiving themaintenance attribute controls disks to select the disk number 2 (thedisk B). Because disks permitted to be accessed by the task attributecan be decided also in this case, access through an online interface canbe made without any necessity of programming.

In the following, another embodiment of the invention in which thesystem is operated by a multiple disk device constituted by three ormore disks will be described. In the method in which disks to besubjected to data reading are described on a program of the maintenancetask 6, as in the conventional techniques, wasteful labor is requiredfor incorporating a data backup process for designating a normal disk atthe time of detecting of a fault disk and then saving data from thefault disk to the normal disk, into the maintenance task on theconsideration of the case where a fault occurs in a disk which runscurrently. According to the present invention, however, the diskcontroller 11 can decide disks to be set to the maintenance mode sodynamically that the disk controller 11 can set normal disks to themaintenance mode while avoiding a fault disk, by adding a fault mode tothe user and maintenance modes and neglecting the existence of the diskset to the fault mode.

FIG. 8 is a flow chart showing a process of setting the maintenance modewhile avoiding the fault disk. A fault of a disk is detected by adiagnosis means (not shown) of the disk control portion 11 on the basisof contradiction of data in a disk management area, and so on. When afault disk is detected, the mode of the fault disk on the table 10 isset to a fault mode by the control portion 11. When in this condition amaintenance mode setting request to set one of the three or more disksto the maintenance mode is issued from the maintenance task 6 (a stepS401), the disk control portion 11 checks whether the mode of each diskis neither maintenance mode nor fault mode (steps S405 and 406) andupdates the disk number set to the user mode to variable C so that thedisk numbers finally stored in the variable C are set to the maintenancemode after the checking of the all disks (a step S407).

In this embodiment, access to a fault disk can be avoided even in thecase where the maintenance task 6 (of course, also the user task 5)accesses a disk without being aware of the state of the disk.

The respective aforementioned embodiments have been described upon thecase where one memory means in a double or triple memory is used fordata backup work and the residual one or two memory means areexclusively used for usual work. In the recent type fault tolerantcomputer system and the like, it is required to multiplex work inclusiveof maintenance work. The present invention can be applied to such needsby operating this system with a multiple disk device constituted by fouror more disks. That is, four disks are usually used in the user mode buttwo disks are set to the maintenance mode at the time of data backup.Data are equally read from the two disks by the maintenance task so thatthe magnetic tape device driver 9 selects one earlier reaching theretoto store the selected data in the magnetic tape device 4. Hence, notonly the user task 5 but the maintenance task 6 can be always guaranteedby the double route at the least, so that reliability on the system canbe improved.

According to the present invention, usual work and data backup work canbe processed in parallel through changing a part of the memory fromaccess of the user task to access of the maintenance task, so that it isnot necessary to provide any special processor for data backup, as inthe prior art. Furthermore, an online interface opened to users can beused, so that a highly-reliable non-stop data processing system can beprovided. Furthermore, access of each task to the respective memorymeans of the multiple memory can be designated in an higher-rank level,so that it is not required for the task to be aware of the memory meansto be accessed. Accordingly, failure and data destruction caused by amistake on program can be prevented so that this system can be flexiblyadapted to system modification. Furthermore, the memory means permittedto be accessed by the task can be changed dynamically at the multiplememory side, so that a data backup method flexibly adapted to a fault ofa disk can be provided.

What is claimed is:
 1. A data backup method for a computer system havinga central processing unit for performing a plurality of tasks inparallel, a multiple memory including at least two memory means and acontrol means for managing said memory means, and a data backup memoryfor backup of data stored in said memory means of said multiple memory,said method comprising the computer-executed steps of:storing anoperation mode of each said memory means of said multiple memory into atable previously provided in said multiple memory; when said centralprocessing unit issues a maintenance task for evacuating data from saidmemory means of said multiple memory to said backup memory, said controlmeans performs the steps of: comparing an operation mode assigned tosaid maintenance task with said operation mode stored in said table ofeach said memory means of said multiple memory; changing the operationmode of at least one memory means to said operation mode assigned tosaid maintenance task in accordance with a result of said comparingstep; and executing said maintenance task with respect to said memorymeans whose operation mode has been changed.
 2. A data backup method fora computer system having a central processing unit for performing aplurality of tasks in parallel, a multiple memory including at least twomemory means and a control means for managing said memory means, and adata backup memory for backup of data stored in said memory means ofsaid multiple memory, said method comprising the computer-executed stepsof:successively storing operation modes of said memory means in saidmultiple memory into a table previously provided in said multiplememory; when said central processing unit issues a maintenance task forevacuating data from said memory means of said multiple memory to saidbackup memory, said control means performs the steps of: comparing anoperation mode assigned to said maintenance task with said operationmodes stored in said table of each said memory means of said multiplememory; after said comparing step, when there is no operation modecoincident with said operation mode assigned to said maintenance task insaid table, changing the operation mode lastly stored in the memorymeans of said multiple memory means to said operation mode assigned tosaid maintenance task; and executing said maintenance task with respectto said memory means whose operation mode has been changed.
 3. A databackup method for a computer system having a central processing unit forperforming a plurality of tasks in parallel, a multiple memory includingat least two memory means and a control means for managing said memorymeans, and a data backup memory for backup of data stored in said memorymeans of said multiple memory, said method comprising thecomputer-executed steps of:successively storing operation modes of saidmemory means in said multiple memory or a failure mode indicative of afailure of the memory means into a table previously provided in saidmultiple memory; when said central processing unit issues a maintenancetask for evacuating data from said memory means of said multiple memoryto said backup memory, said control means performs the steps of:comparing an operation mode assigned to said maintenance task with saidoperation modes stored in said table of each said memory means of saidmultiple memory; after said comparing, when there is no operation modecoincident with said operation mode assigned to said maintenance task insaid table, changing the operation mode lastly stored in the memorymeans of said multiple memory means to said operation mode assigned tosaid maintenance task; and executing said maintenance task with respectto said memory means whose operation mode has been changed.
 4. A databackup method according to claim 1, wherein when a user task is executedto store data from said central processing unit to said memory means ofsaid multiple memory, it is prohibited from writing data from saidcentral processing unit to said memory means whose operation mode hasbeen changed.
 5. A data backup method according to claim 1, wherein ifsaid comparing step shows there is an operation mode coincident withsaid operation mode assigned to said maintenance task in said table,said comparing step is stopped.
 6. A data processing system having acentral processing unit for performing a plurality of tasks in parallel,a multiple memory including at least two memory means and a memorymanagement means for managing said memory means, and a data backupmemory for backup of data stored in said memory means of said multiplememory, said multiple memory comprising:a table for storing an operationmode for each said memory means of said multiple memory; memorymanagement means for managing said memory means comprising:a) comparingmeans for comparing an operation mode assigned to a maintenance taskissued from said central processing unit for evacuating data from saidmemory means to said backup memory with said operation mode stored insaid table of each said memory means of said multiple memory, b) controlmeans for changing the operation mode of at least one memory means tosaid operation mode assigned to said maintenance task, c) executionmeans for starting execution of a maintenance task for evacuation ofdata from said at least one memory means to said data backup memory.